From 83de6e93ae1d6082c4f4d06f365f268e2e121a1c Mon Sep 17 00:00:00 2001
From: "hunje.yeon" <hunje.yeon@samsung.com>
Date: Fri, 3 Apr 2015 23:46:20 +0900
Subject: [PATCH] Notification Manager - Fix memory deallocation.

Problem: Memory unsafe function is used.
How: Change sprintf to snprinft to avoid memory problems.

Change-Id: I864c5c39c13c07533693b6b59f35e48d15518f4e
Signed-off-by: yeonhunje <hunje.yeon@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/643
Reviewed-by: Uze Choi <uzchoi@samsung.com>
Tested-by: Uze Choi <uzchoi@samsung.com>
---
 .../NotificationManager/src/hosting.c              | 59 +++++++++++++++-------
 .../NotificationManager/src/requestHandler.c       |  2 +-
 service/notification-manager/SConscript            |  7 +++
 .../linux/sampleConsumer/SampleConsumer.cpp        |  8 ---
 .../linux/sampleProvider/SampleProvider.cpp        |  5 ++
 5 files changed, 54 insertions(+), 27 deletions(-)

diff --git a/service/notification-manager/NotificationManager/src/hosting.c b/service/notification-manager/NotificationManager/src/hosting.c
index e9d046e..c614ee0 100755
--- a/service/notification-manager/NotificationManager/src/hosting.c
+++ b/service/notification-manager/NotificationManager/src/hosting.c
@@ -1,6 +1,6 @@
 //******************************************************************
 //
-// Copyright 2014 Samsung Electronics All Rights Reserved.
+// Copyright 2015 Samsung Electronics All Rights Reserved.
 //
 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 //
@@ -353,6 +353,11 @@ OCStackResult OICStartCoordinate()
     s_requestHandleList = createRequestHandleList();
     result = requestPresence(OC_DEFAULT_ADDRESS);
 
+    if(result != OC_STACK_OK)
+    {
+        return OC_STACK_ERROR;
+    }
+
     return result;
 }
 
@@ -360,7 +365,11 @@ OCStackResult OICStopCoordinate()
 {
     OCStackResult result = OC_STACK_ERROR;
 
-    destroyMirrorResourceList(s_mirrorResourceList);
+    result = destroyMirrorResourceList(s_mirrorResourceList);
+    if(result != OC_STACK_OK)
+    {
+        return OC_STACK_ERROR;
+    }
 
     return result;
 }
@@ -833,8 +842,8 @@ OCStackApplicationResult checkResourceValidation(OCDoHandle handle)
         OC_LOG_V(DEBUG, HOSTING_TAG, "This response is Alive Check : Expired resource");
 
         OCDeleteResource(foundRequestHandle->requestHandle[OIC_REQUEST_BY_CLIENT]);
-        deleteRequestHandleFromList(s_requestHandleList, foundRequestHandle);
     }
+    deleteRequestHandleFromList(s_requestHandleList, foundRequestHandle);
     return OC_STACK_DELETE_TRANSACTION;
 }
 
@@ -850,20 +859,31 @@ MirrorResource *updateMirrorResource(OCDoHandle handle, const char *payload)
         return NULL;
     }
 
+    cJSON *repData;
     cJSON *observeJson = cJSON_CreateObject();
     observeJson = cJSON_Parse(payload);
 
-    cJSON *ocArray = cJSON_GetObjectItem(observeJson, "oc");
-    int arraySize = cJSON_GetArraySize(ocArray);
-
-    cJSON *ocArray_sub = cJSON_GetArrayItem(ocArray, 0);
-    cJSON *tempData = cJSON_GetObjectItem(ocArray_sub, "rep");
-    char *temp = cJSON_PrintUnformatted(tempData);
+    if (observeJson)
+    {
+        cJSON *ocArray = cJSON_GetObjectItem(observeJson, "oc");
+        int arraySize = cJSON_GetArraySize(ocArray);
 
-    cJSON *repData = cJSON_Parse(temp);
+        cJSON *ocArray_sub = cJSON_GetArrayItem(ocArray, 0);
+        cJSON *tempData = cJSON_GetObjectItem(ocArray_sub, "rep");
+        char *temp = cJSON_PrintUnformatted(tempData);
 
-    free(temp);
-    cJSON_Delete(observeJson);
+        repData = cJSON_Parse(temp);
+        if (temp != NULL)
+        {
+            free(temp);
+        }
+        cJSON_Delete(observeJson);
+    }
+    else
+    {
+        OC_LOG_V(DEBUG, HOSTING_TAG, "payload is not correct");
+        return NULL;
+    }
 
     if (foundMirrorResource->rep)
     {
@@ -875,7 +895,7 @@ MirrorResource *updateMirrorResource(OCDoHandle handle, const char *payload)
     cJSON *json = cJSON_CreateObject();
 
     char nodeData[OIC_STRING_MAX_VALUE] = {'\0'};
-    sprintf(nodeData, "%s", foundMirrorResource->uri);
+    snprintf(nodeData, sizeof(foundMirrorResource->uri), "%s", foundMirrorResource->uri);
     cJSON_AddStringToObject(json, "href", nodeData);
 
     cJSON *nodeRep = cJSON_Parse(cJSON_PrintUnformatted(foundMirrorResource->rep));
@@ -1165,6 +1185,7 @@ OCStackResult requestIsAlive(const char *address)
         {
             deleteRequestHandleFromList(s_requestHandleList, requestAlive);
         }
+        mirrorResource = mirrorResource->next;
     }
     destroyMirrorResourceList(requestMirrorResourceList);
 
@@ -1274,7 +1295,7 @@ OCStackResult requestQuery(RequestHandle *request, OCMethod method,
     }
     else
     {
-        sprintf(queryFullUri, "coap://%s%s%s", queryAddress , queryUri, OIC_COORDINATING_FLAG);
+        snprintf(queryFullUri, sizeof(queryFullUri) ,"coap://%s%s%s", queryAddress , queryUri, OIC_COORDINATING_FLAG);
     }
 
     cbData.cb = requestQueryCB;
@@ -1283,7 +1304,7 @@ OCStackResult requestQuery(RequestHandle *request, OCMethod method,
 
     if(method == OC_REST_PUT){
         char payload[OIC_STRING_MAX_VALUE] = {'\0'};
-        sprintf(payload , "%s" ,
+        snprintf(payload , OIC_STRING_MAX_VALUE, "%s" ,
          ((OCEntityHandlerRequest*)request->requestHandle[OIC_REQUEST_BY_CLIENT])->reqJSONPayload);
 
         result = OCDoResource(&request->requestHandle[OIC_REQUEST_BY_COORDINATOR],
@@ -1374,7 +1395,7 @@ OCEntityHandlerResponse buildEntityHandlerResponse(OCEntityHandlerRequest *entit
            sizeof response.sendVendorSpecificHeaderOptions);
     memset(response.resourceUri, 0, sizeof response.resourceUri);
 
-    char *temp;
+    char *temp = NULL;
     if(entityHandlerRequest->method == OC_REST_PUT){
         cJSON *observeJson = cJSON_CreateObject();
         observeJson = cJSON_Parse(clientPayload);
@@ -1404,7 +1425,9 @@ OCEntityHandlerResponse buildEntityHandlerResponse(OCEntityHandlerRequest *entit
     response.persistentBufferFlag = 0;
 
     if(entityHandlerRequest->method == OC_REST_PUT){
-        free(temp);
+        if(temp){
+            free(temp);
+        }
     }
 
     return response;
@@ -1420,7 +1443,7 @@ OCEntityHandlerResult handleRequestPayload (OCEntityHandlerRequest *entityHandle
     {
         sprintf(payload,"");
         OC_LOG_V(DEBUG, HOSTING_TAG, "DELETE");
-        return OC_EH_OK;
+        return OC_EH_RESOURCE_DELETED;
     }
 
     char *responsePayload = buildResponsePayload(entityHandlerRequest);
diff --git a/service/notification-manager/NotificationManager/src/requestHandler.c b/service/notification-manager/NotificationManager/src/requestHandler.c
index 690e1a8..8508d9d 100644
--- a/service/notification-manager/NotificationManager/src/requestHandler.c
+++ b/service/notification-manager/NotificationManager/src/requestHandler.c
@@ -1,6 +1,6 @@
 //******************************************************************
 //
-// Copyright 2014 Samsung Electronics All Rights Reserved.
+// Copyright 2015 Samsung Electronics All Rights Reserved.
 //
 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 //
diff --git a/service/notification-manager/SConscript b/service/notification-manager/SConscript
index d8a55b7..bfee8f2 100644
--- a/service/notification-manager/SConscript
+++ b/service/notification-manager/SConscript
@@ -4,6 +4,13 @@
 
 Import('env')
 
+if env.get('RELEASE'):
+	env.AppendUnique(CCFLAGS = ['-Os'])
+	env.AppendUnique(CPPDEFINES = ['NDEBUG'])
+else:
+	env.AppendUnique(CCFLAGS = ['-g'])
+	env.AppendUnique(CPPDEFINES = ['-DTB_LOG'])
+
 lib_env = env.Clone()
 SConscript(env.get('SRC_DIR') + '/service/third_party_libs.scons', 'lib_env')
 notimgr_env = lib_env.Clone()
diff --git a/service/notification-manager/SampleApp/linux/sampleConsumer/SampleConsumer.cpp b/service/notification-manager/SampleApp/linux/sampleConsumer/SampleConsumer.cpp
index f413428..2f032fe 100644
--- a/service/notification-manager/SampleApp/linux/sampleConsumer/SampleConsumer.cpp
+++ b/service/notification-manager/SampleApp/linux/sampleConsumer/SampleConsumer.cpp
@@ -167,15 +167,7 @@ void foundResource(std::shared_ptr< OCResource > resource)
 
     try
     {
-        /*std::lock_guard<std::mutex> lock(curResourceLock);
-        if (g_curResource)
-        {
-            std::cout << "Found another resource, ignoring" << std::endl;
-            return;
-        }*/
-
         std::cout << "mutex lock passed" << std::endl;
-
         if (resource)
         {
             std::cout << resource->uri() << std::endl;
diff --git a/service/notification-manager/SampleApp/linux/sampleProvider/SampleProvider.cpp b/service/notification-manager/SampleApp/linux/sampleProvider/SampleProvider.cpp
index f7079eb..f94f7d6 100755
--- a/service/notification-manager/SampleApp/linux/sampleProvider/SampleProvider.cpp
+++ b/service/notification-manager/SampleApp/linux/sampleProvider/SampleProvider.cpp
@@ -269,6 +269,10 @@ OCEntityHandlerResult entityHandler(std::shared_ptr< OCResourceRequest > request
                 {
                     ehResult = OC_EH_OK;
                 }
+                else
+                {
+                    cout << "put request Error\n";
+                }
             }
 
             else if (requestType == "POST")
@@ -344,6 +348,7 @@ OCEntityHandlerResult entityHandler(std::shared_ptr< OCResourceRequest > request
 
 void quitProcess()
 {
+    unregisterResource(myResource.m_resourceHandle);
     stopPresence();
     exit(0);
 }
-- 
2.7.4